Vulnerabilities > XEN > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-11 CVE-2019-19580 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421.
network
high complexity
xen fedoraproject CWE-362
6.6
2019-12-04 CVE-2019-19579 Improper Input Validation vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424.
low complexity
xen fedoraproject CWE-20
6.8
2019-10-31 CVE-2019-18424 OS Command Injection vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device.
6.8
2019-10-31 CVE-2019-18420 Use of Externally-Controlled Format String vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall.
network
low complexity
xen debian fedoraproject CWE-134
6.5
2019-10-08 CVE-2019-17349 Infinite Loop vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.
local
low complexity
xen debian CWE-835
5.5
2019-10-08 CVE-2019-17348 Improper Input Validation vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.
local
low complexity
xen debian CWE-20
6.5
2019-10-08 CVE-2019-17345 An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.
local
low complexity
xen debian
4.9
2019-10-08 CVE-2019-17344 Improper Synchronization vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.
local
low complexity
xen debian CWE-662
4.9
2019-10-08 CVE-2019-17343 Improper Locking vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.
local
low complexity
xen debian CWE-667
4.6
2019-10-08 CVE-2019-17340 Memory Leak vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.
local
low complexity
xen debian CWE-401
6.1